"Hey, I'm /u/ceejayoz's new iPhone! Bwahahahahahaha. Ahem. I promise I'm really the iMessage client you're expecting. Start sending me a copy of all their potentially sensitive messages."
Again, how do we not classify that as a security issue?
If you’re referring to the history, then it cannot talk to the iCloud keychain, and even if it could, it would require your credentials. Same thing if you are just talking about incoming messages, they need your credentials. If they have those you’re already fucked. And also, they could just have taken an iPhone and log in there with your credentials.
It isn’t proxying afaik, it is calling the Apple servers directly. The only thing getting to Beeper servers (and that can be disabled) is an IDS key without its matching decryption key, for Beeper to be able to see if messages are coming to signal the phone (which has the encryption key but is not connected continuously) to fetch it and show the notification.
At the very least, it's being proxied through the third-party Beeper app, which Apple has no reason to trust. (Nor the Android device it's running on.)
> In tests, signing in with our Apple ID generated an Apple prompt that noted our ID was being used to sign in with a device “near Los Angeles, CA” (where we are not located.)
> What is stopping me from buying a second-hand old iPhone and doing this without Beeper?
In that scenario, you're still using the official client, which Apple presumably knows isn't silently siphoning messages off to somewhere else. You're on official hardware with an official client.
5. "Gah! Beeper was hacked/compromised/deliberately siphoning off Apple ID credentials into a log/error reporting/bad actor's database and now millions of people have had their sensitive texts and other iCloud data exposed."
Facebook and LinkedIn used to try to get people to hand over their email credentials so they could "help you find your friends on Facebook"; people were correctly skeptical then. Giving my Apple ID to a third-party seems insane, given what can be done with it, and I'd imagine Apple sees it the same way.
> Giving my Apple ID to a third-party seems insane
That's fair. You'd be happy to learn that literally no one is forcing you to hand over your Apple ID to Beeper. Your approach is very good for your account safety, but you don't need to keep other people safe from themselves.
Do you have similar concerns when people use non-Google-approved email clients to use Gmail, or alternative YouTube clients, or Signal/Telegram forks?
Perhaps you think HN should ban alternative clients or weird web browsers too. Too bad a lot of people think interoperating clients are important or we would be left with the Web Integrity crap to "keep us safe".
> Do you have similar concerns when people use non-Google-approved email clients to use Gmail.
If they ask for credentials, absolutely. Google has both an OAuth flow and the ability to generate app-specific passwords (which correctly have very limited abilities) so I never have to pass over the real creds.
I have never given my Gmail credentials to Apple, but I get my mail just fine.
Google requires you to register an application and get it approved to log in with OAuth, you can't just use it with arbitrary callback URLs. Why should I need to ask Google permission to use my own data, or ask for Google's permission to allow other apps to use my data?
If the Beeper service is totally fine, and you mind their auth methodology, perhaps you should complain about Apple not providing better iMessage auth options.
Instead, you complain about users being able to give their own data to an app they chose to install.
> Google requires you to register an application and get it approved to log in with OAuth, you can't just use it with arbitrary callback URLs. Why should I need to ask Google permission to use my own data, or ask for Google's permission to allow other apps to use my data?
_An_ Apple device. Not _your_ Apple device.